Search

BoxSentry Ditches Challenge/Response

Singapore-based BoxSentry has historically been known as a challenge/response spam filter vendor. Readers will probably be aware that we’re no fans of C/R.

Briefly, if a C/R recipient is sent email “from” a sender that it’s never heard of, it auto-replies with a challenge. Until the sender has satisfactorily responded to the challenge, the mail doesn’t get through to the recipient’s inbox. The technique is generally less accurate than those used by today’s state-of-the-art spam filters. A significant number of people just don’t respond to challenges, which means that the false-positive problem is worse than with conventional filtering. Users who employ C/R are also seen by some as spammers in their own right, because most spam has forged sender addresses — much of them the addresses of innocent third parties.

As time goes by, BoxSentry has gradually de-emphasized C/R, but until recently it was still sending challenges for a small but significant proportion of the spam it received — and hence was sending unsolicited “replies” to people who had never sent email to the BoxSentry user.

At the RSA Conference, BoxSentry confirmed that it no longer uses C/R. This is great news for Internet users. We heartily welcome this development.